I’m working on a mashable page for FH’s intranet, and one of the potential issues is safety if we allow content that isn’t on some “approved list”. That’s exactly the point of Caja (from Google) – “A source-to-source translator for securing Javascript-based web content.”

The Caja page also links to some other pages of groups working on other problems. Most notably:
The Caplet Group (on Yahoo tech groups) : The Caplet Group is discussing the situation of the web browser, in particular the Mashup Problem, and the possibility of using a capability messaging system to allow safe and useful communication between frames, worker pools, and other client technologies.